관리자 멤버 상세와 추가 화면 구현

2026-05-13 11:18:06 +09:00
parent b4f3fdb77d
commit fb0dadb7b9
16 changed files with 778 additions and 36 deletions
--- a/server/repositories/member-repository.js
+++ b/server/repositories/member-repository.js
@@ -9,6 +9,48 @@ export const MEMBER_ROLE = {

 const PRIVILEGED_ROLES = [MEMBER_ROLE.OWNER, MEMBER_ROLE.ADMIN]

+/**
+ * 회원 권한 표시 문자열을 반환한다.
+ * @param {string} roleCode - 권한 코드
+ * @returns {string} 권한 표시 문자열
+ */
+const getMemberRoleLabel = (roleCode) => roleCode === MEMBER_ROLE.OWNER
+  ? '소유자'
+  : roleCode === MEMBER_ROLE.ADMIN
+    ? '관리자'
+    : '멤버'
+
+/**
+ * 관리자 회원 행을 응답 객체로 변환한다.
+ * @param {Object} row - DB 회원 행
+ * @returns {Object} 관리자 회원 응답
+ */
+const mapAdminMemberRow = (row) => {
+  const lastSeenAt = row.lastSeenAt ? row.lastSeenAt.toISOString() : null
+  const isActive = row.lastSeenAt
+    ? Date.now() - new Date(row.lastSeenAt).getTime() <= 1000 * 60 * 60 * 24 * 30
+    : false
+  const roleCode = String(row.roleCode || MEMBER_ROLE.MEMBER)
+
+  return {
+    id: row.id,
+    username: row.username,
+    email: row.email,
+    avatarUrl: row.avatarUrl || '',
+    labels: Array.isArray(row.labels) ? row.labels : [],
+    note: row.note || '',
+    isAdmin: Boolean(row.isAdmin),
+    roleCode,
+    createdAt: row.createdAt.toISOString(),
+    updatedAt: row.updatedAt.toISOString(),
+    lastSeenAt,
+    lastSeenIp: row.lastSeenIp || '',
+    commentCount: Number(row.commentCount || 0),
+    activityStatus: isActive ? '활성' : '비활성',
+    role: getMemberRoleLabel(roleCode)
+  }
+}
+
 /**
 * @typedef {Object} MemberUser
 * @property {string} id - 사용자 ID
@@ -306,6 +348,31 @@ export const isUsernameTaken = async (input) => {
  return Boolean(rows?.[0])
 }

+/**
+ * 이메일 중복 확인
+ * @param {{ email: string, excludeUserId?: string }} input - 이메일과 제외 사용자 ID
+ * @returns {Promise<boolean>} 중복 여부
+ */
+export const isEmailTaken = async (input) => {
+  const sql = requireSql()
+  const rows = input.excludeUserId
+    ? await sql`
+      SELECT id
+      FROM users
+      WHERE lower(email) = lower(${input.email})
+        AND id <> ${input.excludeUserId}
+      LIMIT 1
+    `
+    : await sql`
+      SELECT id
+      FROM users
+      WHERE lower(email) = lower(${input.email})
+      LIMIT 1
+    `
+
+  return Boolean(rows?.[0])
+}
+
 /**
 * 관리자용 회원 목록 조회(댓글 활동 포함)
 * @returns {Promise<Array<{ id: string, username: string, email: string, avatarUrl: string, isAdmin: boolean, roleCode: string, createdAt: string, updatedAt: string, lastSeenAt: string | null, lastSeenIp: string, commentCount: number, activityStatus: string, role: string }>>} 회원 목록
@@ -318,6 +385,8 @@ export const listMembersForAdmin = async () => {
      users.username,
      users.email,
      users.avatar_url AS "avatarUrl",
+      users.member_labels AS "labels",
+      users.member_note AS "note",
      users.is_admin AS "isAdmin",
      users.user_role AS "roleCode",
      users.created_at AS "createdAt",
@@ -331,32 +400,104 @@ export const listMembersForAdmin = async () => {
    ORDER BY users.created_at DESC
  `

-  return rows.map((row) => {
-    const lastSeenAt = row.lastSeenAt ? row.lastSeenAt.toISOString() : null
-    const isActive = row.lastSeenAt
-      ? Date.now() - new Date(row.lastSeenAt).getTime() <= 1000 * 60 * 60 * 24 * 30
-      : false
+  return rows.map(mapAdminMemberRow)
+}

-    return {
-      id: row.id,
-      username: row.username,
-      email: row.email,
-      avatarUrl: row.avatarUrl || '',
-      isAdmin: Boolean(row.isAdmin),
-      roleCode: String(row.roleCode || MEMBER_ROLE.MEMBER),
-      createdAt: row.createdAt.toISOString(),
-      updatedAt: row.updatedAt.toISOString(),
-      lastSeenAt,
-      lastSeenIp: row.lastSeenIp || '',
-      commentCount: Number(row.commentCount || 0),
-      activityStatus: isActive ? '활성' : '비활성',
-      role: row.roleCode === MEMBER_ROLE.OWNER
-        ? '소유자'
-        : row.roleCode === MEMBER_ROLE.ADMIN
-          ? '관리자'
-          : '멤버'
-    }
-  })
+/**
+ * 관리자용 회원 상세 조회
+ * @param {string} memberId - 회원 ID
+ * @returns {Promise<Object | null>} 회원 상세
+ */
+export const getMemberForAdmin = async (memberId) => {
+  const sql = requireSql()
+  const rows = await sql`
+    SELECT
+      users.id,
+      users.username,
+      users.email,
+      users.avatar_url AS "avatarUrl",
+      users.member_labels AS "labels",
+      users.member_note AS "note",
+      users.is_admin AS "isAdmin",
+      users.user_role AS "roleCode",
+      users.created_at AS "createdAt",
+      users.updated_at AS "updatedAt",
+      users.last_seen_at AS "lastSeenAt",
+      users.last_seen_ip AS "lastSeenIp",
+      COALESCE(count(comments.id), 0)::int AS "commentCount"
+    FROM users
+    LEFT JOIN comments ON comments.user_id = users.id AND comments.status = 'published'
+    WHERE users.id = ${memberId}
+    GROUP BY users.id
+    LIMIT 1
+  `
+
+  return rows?.[0] ? mapAdminMemberRow(rows[0]) : null
+}
+
+/**
+ * 관리자 화면에서 회원을 생성한다.
+ * @param {{ username: string, email: string, passwordHash: string, avatarUrl: string, labels: string[], note: string }} input - 생성 값
+ * @returns {Promise<Object>} 생성된 회원
+ */
+export const createMemberByAdmin = async (input) => {
+  const sql = requireSql()
+  const rows = await sql`
+    INSERT INTO users (
+      username,
+      email,
+      password_hash,
+      avatar_url,
+      member_labels,
+      member_note,
+      is_admin,
+      user_role
+    )
+    VALUES (
+      ${input.username},
+      ${input.email},
+      ${input.passwordHash},
+      ${input.avatarUrl},
+      ${input.labels},
+      ${input.note},
+      false,
+      ${MEMBER_ROLE.MEMBER}
+    )
+    RETURNING id
+  `
+
+  const created = rows?.[0]
+  if (!created) {
+    throw createError({
+      statusCode: 500,
+      message: '회원 생성에 실패했습니다.'
+    })
+  }
+
+  return getMemberForAdmin(created.id)
+}
+
+/**
+ * 관리자 화면에서 회원 기본 정보를 수정한다.
+ * @param {{ memberId: string, username: string, email: string, avatarUrl: string, labels: string[], note: string }} input - 수정 값
+ * @returns {Promise<Object | null>} 수정된 회원
+ */
+export const updateMemberByAdmin = async (input) => {
+  const sql = requireSql()
+  const rows = await sql`
+    UPDATE users
+    SET
+      username = ${input.username},
+      email = ${input.email},
+      avatar_url = ${input.avatarUrl},
+      member_labels = ${input.labels},
+      member_note = ${input.note},
+      updated_at = now()
+    WHERE id = ${input.memberId}
+    RETURNING id
+  `
+
+  return rows?.[0] ? getMemberForAdmin(rows[0].id) : null
 }

 /**
--- a/server/routes/admin/api/members.post.js
+++ b/server/routes/admin/api/members.post.js
@@ -0,0 +1,59 @@
+import { randomBytes } from 'node:crypto'
+import bcrypt from 'bcrypt'
+import { createError, readBody } from 'h3'
+import { z } from 'zod'
+import { requireAdminSession } from '../../../utils/admin-auth'
+import { createMemberByAdmin, isEmailTaken, isUsernameTaken } from '../../../repositories/member-repository'
+
+const memberInputSchema = z.object({
+  username: z.string().trim().min(1).max(60),
+  email: z.string().trim().email().max(254),
+  avatarUrl: z.string().trim().max(500).optional().default(''),
+  labels: z.array(z.string().trim().min(1).max(40)).max(20).optional().default([]),
+  note: z.string().max(500).optional().default('')
+})
+
+/**
+ * 관리자 회원 생성 API
+ * @param {import('h3').H3Event} event - 요청 이벤트
+ * @returns {Promise<Object>} 생성된 회원
+ */
+export default defineEventHandler(async (event) => {
+  requireAdminSession(event)
+  const parsedBody = memberInputSchema.safeParse(await readBody(event))
+
+  if (!parsedBody.success) {
+    throw createError({
+      statusCode: 400,
+      message: '회원 생성 요청 형식이 올바르지 않습니다.'
+    })
+  }
+
+  const body = parsedBody.data
+  const email = body.email.toLowerCase()
+
+  if (await isUsernameTaken({ username: body.username })) {
+    throw createError({
+      statusCode: 409,
+      message: '이미 사용 중인 이름입니다.'
+    })
+  }
+
+  if (await isEmailTaken({ email })) {
+    throw createError({
+      statusCode: 409,
+      message: '이미 사용 중인 이메일입니다.'
+    })
+  }
+
+  const passwordHash = await bcrypt.hash(randomBytes(32).toString('hex'), 12)
+
+  return createMemberByAdmin({
+    username: body.username,
+    email,
+    passwordHash,
+    avatarUrl: body.avatarUrl,
+    labels: [...new Set(body.labels)],
+    note: body.note
+  })
+})
--- a/server/routes/admin/api/members/[id].get.js
+++ b/server/routes/admin/api/members/[id].get.js
@@ -0,0 +1,30 @@
+import { createError, getRouterParam } from 'h3'
+import { requireAdminSession } from '../../../../utils/admin-auth'
+import { getMemberForAdmin } from '../../../../repositories/member-repository'
+
+/**
+ * 관리자 회원 상세 조회 API
+ * @param {import('h3').H3Event} event - 요청 이벤트
+ * @returns {Promise<Object>} 회원 상세
+ */
+export default defineEventHandler(async (event) => {
+  requireAdminSession(event)
+  const memberId = String(getRouterParam(event, 'id') || '')
+
+  if (!memberId) {
+    throw createError({
+      statusCode: 400,
+      message: '회원 ID가 필요합니다.'
+    })
+  }
+
+  const member = await getMemberForAdmin(memberId)
+  if (!member) {
+    throw createError({
+      statusCode: 404,
+      message: '회원을 찾을 수 없습니다.'
+    })
+  }
+
+  return member
+})
--- a/server/routes/admin/api/members/[id].put.js
+++ b/server/routes/admin/api/members/[id].put.js
@@ -0,0 +1,80 @@
+import { createError, getRouterParam, readBody } from 'h3'
+import { z } from 'zod'
+import { requireAdminSession } from '../../../../utils/admin-auth'
+import { getMemberForAdmin, isEmailTaken, isUsernameTaken, updateMemberByAdmin } from '../../../../repositories/member-repository'
+
+const memberInputSchema = z.object({
+  username: z.string().trim().min(1).max(60),
+  email: z.string().trim().email().max(254),
+  avatarUrl: z.string().trim().max(500).optional().default(''),
+  labels: z.array(z.string().trim().min(1).max(40)).max(20).optional().default([]),
+  note: z.string().max(500).optional().default('')
+})
+
+/**
+ * 관리자 회원 기본 정보 수정 API
+ * @param {import('h3').H3Event} event - 요청 이벤트
+ * @returns {Promise<Object>} 수정된 회원
+ */
+export default defineEventHandler(async (event) => {
+  requireAdminSession(event)
+  const memberId = String(getRouterParam(event, 'id') || '')
+  const parsedBody = memberInputSchema.safeParse(await readBody(event))
+
+  if (!memberId) {
+    throw createError({
+      statusCode: 400,
+      message: '회원 ID가 필요합니다.'
+    })
+  }
+
+  if (!parsedBody.success) {
+    throw createError({
+      statusCode: 400,
+      message: '회원 수정 요청 형식이 올바르지 않습니다.'
+    })
+  }
+
+  const existing = await getMemberForAdmin(memberId)
+  if (!existing) {
+    throw createError({
+      statusCode: 404,
+      message: '회원을 찾을 수 없습니다.'
+    })
+  }
+
+  const body = parsedBody.data
+  const email = body.email.toLowerCase()
+
+  if (await isUsernameTaken({ username: body.username, excludeUserId: memberId })) {
+    throw createError({
+      statusCode: 409,
+      message: '이미 사용 중인 이름입니다.'
+    })
+  }
+
+  if (await isEmailTaken({ email, excludeUserId: memberId })) {
+    throw createError({
+      statusCode: 409,
+      message: '이미 사용 중인 이메일입니다.'
+    })
+  }
+
+  const updated = await updateMemberByAdmin({
+    memberId,
+    username: body.username,
+    email,
+    avatarUrl: body.avatarUrl,
+    labels: [...new Set(body.labels)],
+    note: body.note
+  })
+
+  if (!updated) {
+    throw createError({
+      statusCode: 500,
+      message: '회원 수정에 실패했습니다.'
+    })
+  }
+
+  return updated
+})